Need advice for rebuilding a system for HDD's and Array

I need to blow my system away and start from scratch and really need some advice.

I have 4 750 gig hard drives, currently setup on RAID10. Initially, it was setup mainly for storage and the ability to keep huge databases on it. I partitioned it into 3 drives, C=OS; F=Programs and DB; Z= Storage.

The DB part is gone, and the storage thing isn't so much of an issue for me as much anymore. I have the luxury of really doing anything I want with it. I am more interested in security and anonymity now.

I originally set it up for redundancy and have no back up device. The only major problem I have right now is there are some things that I wanted to get off the system that I don't want to lose, and I have no idea how to do that without a backup device. I could possibly burn out the important stuff to DVD, but I have enormous amounts of other stuff I would loose as a sacrifice if I did that option. I was thinking that I could pull one of the drives out of the array, scrub it, and move stuff out to it, while the machine works on an incomplete array.

The thing I can't figure out though, is if my machine is truly infected with something that I suspect it might be, and none of the protection stuff is catching it, then all I will be doing is spreading this around from one drive to the next by reconnecting them back up to possibly infected drives.

Any thoughts on how I can get around the infection thing to make my system truly clean from the start without having to get a back up device?

Knowing what I have said, what would you build given the options? (amount of partitions, what kind of array, what goes on what drives, and anything else I am not thinking of)

I can handle the windows install part, and get it stripped down pretty good with services and the like to keep things at a minimal for vulnerabilities. I know what order to put what on once windows is up and running for the most part, but is there anything else I should include from the start that I don't know about or you would put on for sure?

What about encryption stuff for the drives? I have never used it before.

What software should I use to wipe the drives completely clean to be safe from anything lingering?

My first thought would be that if you have a virus etc, and you copy that to a data drive, why would you worry about it? A virus needs to install to the OS. If it just sits in data, unless you execute it again, it isn't really a worry. A scan should then find it.

I would appraoch it like this:

Move data to single drive. Install fresh OS on a different drive. Install AV or tool of choise to OS drive, scan data drive.

Then work on setting up new machine, knowing that data is safe on dedicated drive. When ready, move data to permanent home. I would put it on optical or flash media if you really don't want to lose it.

Boot from a bootable Linux CD to moves files around. That shouls stop any infection from running if you do copy it I also suspect it will be difficult to remove 1 drive from that array and reattach it to the machine without it adding it back to the array unless you put it on another controller. And as tempting as it is to not keep backups for RAID, there are other reasons for dong it besides hardware failure.

What I would do is this. You need to back up even using RAID 10! Good USB drives don't cost very much. I like WD My Book. Even 1 TB would be enough. Get drive imaging software. I like ShadowProtect. Images are compressed, and you can mount them read only, and copy back what you need, when you need it. After you have verified images of all drives, install Ubuntu 10.04.3 x64 Desktop using [-http://releases.ubuntu.com/lucid/ubuntu-10.04.3-alternate-amd64.iso]. If you're feeling brave, partition manually and go for RAID 10 with encrypted LVM. It's really not that hard. After updating Ubuntu, install VirtualBox x64, and install Windows as VM. Then mount your drive images, and copy what you need.

My first thought would be that if you have a virus etc, and you copy that to a data drive, why would you worry about it? A virus needs to install to the OS. If it just sits in data, unless you execute it again, it isn't really a worry. A scan should then find it.

I would appraoch it like this:

Move data to single drive. Install fresh OS on a different drive. Install AV or tool of choise to OS drive, scan data drive.

Then work on setting up new machine, knowing that data is safe on dedicated drive. When ready, move data to permanent home. I would put it on optical or flash media if you really don't want to lose it.

Sul.

Click to expand...

I don't think it is a virus. I don't know exactly what it is, but I don't think it is a virus per-say. There are a lot of things that "should" of found it, including all the updates I put on my system as a suggestion from this site, and it bypassed everything, including Online Armor, Malwarebytes, Spybot, Kasprensky, all running just to name a few. Since, I have run just about everything and it's brother out there, and nothing is detecting it. However, it bypassed OA and opened up ports, and started dumping my HDD. I have to immediately shutdown my interent, remove OA, and put Comodo back on. Whatever this thing is that I have, it is still bypassing everything, and now it is cleaning my Comodo logs fresh, so I can't see what it is doing to the firewall. This isn't your typical bug that I caught that you are going to see in the mainstream. This is at a much higher level than most of what you guys know about or are use to seeing because every single piece of software failed to detect it. I am absolutely clueless how it got around 2 firewalls, including running comodo in panic mode.

I don't care at this point about figuring it out, and I know where I got it from, so I just need to reload everything from scratch, and stay away from where I picked it up.

I am not sure about how RAID 10 works as far as being able to wipe logical drives clean. I was going to try and use DBAN but it doesn't work on logical drives, just physical. Can I wipe logical drives clean another way without destroying the RAID completely, if so with what?

Moving my data out to a backup source isn't possible at the moment. I can't go get a USB or any other type of backup, and need to find another way around that for right now.

I can move all my important stuff like pics, docs, etc...to CD's. The main thing I have left that I am concerned about losing, but willing to if I have to, is my music, which is absolutely enormous to move to CD's.

How do I wipe the "logical" drives clean without destroying the Array if this bug is that sophisticated?

Should I stay with this RAID 10, setup a different RAID, or setup individual drives. My current setup is 4 x 750 Gig HDD's in a RAID 10, split into 3 logical drives. C and D drive is 96 gig each. E is the remainder of the Array and where the music resides.

Can I do this without losing my music w/o a backup drive, and still feel like I am completely safe?

If not, and I need to destroy everything, what would you guys suggest would be the best way to setup the 4 drives, i.e. type of Array, how many partitions, how much space on each partition, and how would you wipe them?

I really don't care how I set it up, as most of my needs have gone away from the current setup. Now i am more focused on security, anonymity, and avoiding stuff like this in the future. There is a chance that I will be at sites that has extremely sophisticated stuff running on it to intercept, destroy, manipulate, etc... Just assume that I will be running into the best of them out there. Make that assumption, don't underestimate what I am saying please. Before anyone gets worked up over what I am saying, it has nothing at all to do with doing anything illegal, or going anyplace illegal. There are traps setup specifically for people like me to fall into when doing certain research that I can't always avoid, and some of these folks are some of the best in the biz.

The way I am looking at it right now is to just bite the bullet, lose all my music, destroy the array, DBAN the drives, install OS on one drive, use the other drives for whatever, or maybe even setup an array on the other drives, reintall windows, truecrypt the drives, run things at a minimal, practice safe security measures from advice from the rest of the threads I have read here.

I was going to set it up with:
Online Armor just because of that price they are offering right now. However I am concerned because it bypassed OA like it wasn't even there. If I didn't have popups enabled, I would of never seen all the ports being opened that it just instantly accepted, and then hit the panic button. However, if it is destroying my comodo logs at will, I really don't think it matters in this case which one I use.

I will also put DDWRT on my router during the reload of everything else.

I am not going to mess with Linux right now as an option because I know nothing about it and the learning curve would just be too much right now. It's important that I get back up and running ASAP, so Windows 7 64 is it for now.

Anything you feel like suggesting or picking apart in here please feel free. However, I need to do this today sometime, so keep that in mind that I can't go back and forth for long.

Also, what if I wanted to keep the door open for a dual/boot for later down the road. Say I just wanted to get windows up and running for now, but sometime in the next few weeks add Linux...then how should I configure things now so that I can do this dual boot some time soon?

At some point when you have the time I would suggest Dr. Web Cure It.
Hopefully it will tell you and you will tell us what this virus/malware/rootkit is.
Sorry for all your troubles. Hang in there.
Hugger

Ignoring the virus or whatever you have, and instead focusing on how you might configure things for future use, here is what I would do if I were in your position.

Take 2 drives, at 750gb and put them into a mirrored RAID array. Partition them if you like. This is your data drives.

Take other drives, and whether RAID or not, put OS on them. Or you could put 3 drives for data and single for OS. No matter how you do it, the idea is to have OS on one drive, so you can wipe it as needed, and have data on other physical media.

This is advantageous for many reasons, but for me the primary 2 are:
1. OS can be wiped easily without affecting data
2. virii etc typically affect the OS drive, and not data drive. Data drive will not typically affect OS.

Regarding saving your data -

Here is a simple diagram of RAID 10http://www.thegeekstuff.com/2010/08/raid-levels-tutorial/
if you have this type of raid, you SHOULD be able to remove drive 2 or 4 from the array, and still have complete contents available. I think this is called a degraded array when you move a drive out like that. Normally you would put a replacement drive in, and the RAID would rebuild the data back onto that 4th drive for redundancy.

However, it should operate with only 3 drives, which would give you the opportunity to wipe the removed drive, format it, and copy the data from the RAID array to the single drive. Once your data is backed up, you can then decide how you want to reconfigure everything.

I have not messed with RAID much in the last few years, so do a little homework on this before you attempt it. The last real true RAID array I had used 5 drives and one hotswap, a bonafide server. Your home PC might behave differently (I assume it is just an enthusiast mobo with RAID 10 capabilities).